Note: most of the bugs fixed on 2016-09-06 and 2016-09-07 for issue #1780 are potentially exploitable. The scenario is arbitrary code execution with specially-crafted files. Updating is highly recommended.

mkvmerge: bug fix: AVC & HEVC readers: the readers will now refuse to handle files where the detected pixel width or height is equal to or less than 0. Before this fix the muxing process aborted with an assertion inside libMatroska. Fixes the last test case of #1780.

Time for the next release of MKVToolNix. This time it’s really just polishing of existing functionality.

Dear package maintainers: I have to say again that MKVToolNix v9.3.1 and later requires the recently released libEBML v1.3.4 and libMatroska v1.4.5. Even though both libraries are API and ABI compatible with their prior releases this only means that a program compiled against an older version of the library will still work when run against a newer version of the library.

However, MKVToolNix v9.3.1 and newer use features newly introduced in libMatroska v1.4.4. This means that you cannot compile MKVToolNix v1.4.5 and try to run it against v1.4.4 — that’ll fail with symbol lookup errors from ld.

I’ve received multiple reports of MKVToolNix v9.3.x packages that could be installed with libMatroska v1.4.4. This won’t work. Please make the dependency on v1.4.5+ explicit. Thanks.

You can download the source code or one of the binaries. The Windows and Mac OS binaries are available. Most of the Linux binaries are still being built and will be available in a couple of hours.

mkvmerge: bug fix: when appending files mkvmerge wasn’t starting clusters on video key frame anymore for the first and all following appended files. Fixes #1757.

2016-07-31 Moritz Bunkus <moritz@bunkus.org>

MKVToolNix GUI: merge tool enhancement: when adding attachments the GUI will check if there are attachments or attached files with the same name as the file to add. If so the GUI will tell the user and ask for confirmation.

mkvmerge: bug fix: mkvmerge does no longer emit a warning if no comment header packet is found when reading tracks from Ogg/OGM files. See #1754.

2016-07-19 Moritz Bunkus <moritz@bunkus.org>

MKVToolNix GUI: merge tool enhancement: the "select a play list to add" dialog does now contain a column with the number of chapters for each play list found.

MKVToolNix GUI: job queue enhancement: dragging & dropping a valid .mtxcfg file (either a full job file or one containing only merge settings without the job properties) onto the job queue window will import the dropped .mtxcfg job into the job queue. Rest of the implementation of #1714.

2016-07-18 Moritz Bunkus <moritz@bunkus.org>

MKVToolNix GUI: merge tool enhancement: dragging & dropping a job queue .mtxcfg file onto the merge tool or using one as a command line parameter to the mkvtoolnix-gui executable will import the .mtxcfg job into the job queue. Part of the implementation of #1714.

2016-07-15 Moritz Bunkus <moritz@bunkus.org>

MKVToolNix GUI: merge tool bug fix: the automatic adjustments to the output file name based on the track types selected for muxing and the mechanism for keeping output file names unique had been broken since release v9.3.0. Fixes #1743.

Last week FossHub was breached by attackers from the group PeggleCrew. As I’m using FossHub as the primary mean of distributing Windows and MacOS binaries for MKVToolNix, users have asked me whether MKVToolNix or my other servers have been compromised, too.

To the best of my knowledge the answer is: no.

I base this on several facts:

Last week the FossHub administrators sent an quick announcement to the developers hosting their software on FossHub on the day the breach was discovered. In it the admins were very open and honest about how they’d been breached, what the attackers had had access to, and what had been modified. While they did have access to the MKVToolNix binaries, those binaries were not modified.

Several reports about the incident that have been release since by various media do not list MKVToolNix either.

To date I haven’t received a single report by a user about a MKVToolNix binary that was acting suspiciously or that was detected by anti virus tools as dangerous.

Another thing the attackers did have access to was the account database used for the developer section of the site. That database includes the passwords, and they’ve allegedly not been salted. This, however, doesn’t pose a problem for me either:

I’m using random, long passwords for such sites. Therefore it’s irrelevant whether or not the passwords have been salted as rainbow attacks (the use of pre-computed tables containing the cleartext passwords and their hashed checksums) aren’t effective against randomly generated passwords.

Even more important is that I don’t re-use passwords on other sites. So even if someone was able to determine the cleartext version of my FossHub password, it wouldn’t do them any good as it cannot be used to gain entry to any other service I’m using.

There are two things Windows users can do to verify that the binaries they’ve downloaded from FossHub are clean. The first is to verify its SHA-1 and SHA-512 checksums. I provide both checksums on my own server, and they’re always linked to from the download page: SHA1 checksums for 9.3.1, SHA512 checksums. Checksums for other versions can be queried by replacing the version number 9.3.1 in the URL with the one you’re interested in.

The second thing is to check that the executables (both the installer’s executable as well as the ones for the actual tools) are signed by the right certificate. I’m using a certificate signed by StartSSL (StartCom) (“CN = StartCom Class 2 Object CA, OU = StartCom Certification Authority, O = StartCom Ltd., C = IL”). My current certificate’s serial number is ‎5a:d8:f8:75:9a:c3:46:ae:8b:ec:99:15:eb:b5:5d:04 and its SHA1 fingerprint is 48:13:1B:5D:41:63:12:07:D2:86:20:6C:28:F3:78:C8:06:6F:34:AA, though those two values are subject to change when the certificate will be renewed in 2018.

Yesterday’s release v9.3.0 contains a rather nasty one causing a lot of errors from mkvmerge about an “invalid probe range percentage”. As this affects everyone I’ve fixed the issue and am now releasing v9.3.1.

Apart from that fix it’s the same as v9.3.0. It implements several enhancements requested by users, and of course it contains the usual list of bug fixes. Nothing major, mind you. But see below.

MKVToolNix GUI: merge tool bug fix: the GUI v9.3.0 was often creating an invalid syntax for the –probe-range-percentage parameter for mkvmerge due to uninitialized memory. Fixes #1741.

Released v9.3.0 "Second Sight".

2016-07-10 Moritz Bunkus <moritz@bunkus.org>

mkvmerge, MKVToolNix GUI: new chapter generation feature: two new placeholders have been introduced when generating chapters for appended files, <FILE_NAME> and <FILE_NAME_WITH_EXT>. The former will be replaced by the appended file’s name without its extension; the latter with its extension. Implements #1737.

MKVToolNix GUI: merge tool enhancement: when opening a saved configuration (via the menu as well as via drag & drop) the current tab will be replaced if it is empty ( = in the same state it is in right after creating new mux settings). Implements #1738.

mkvmerge, MKVToolNix GUI: added an option for specifying how much of a MPEG PS or TS file is probed for tracks (–probe-range-percentage). Implements #1734.

2016-07-09 Moritz Bunkus <moritz@bunkus.org>

mkvmerge: MPEG TS: considerable parts of the module have been rewritten. Due to its convoluted structure didn’t buffer PES packets properly before trying to parse the PES header leading to invalid memory accesses in certain cases.

2016-07-03 Moritz Bunkus <moritz@bunkus.org>

mkvmerge: bug fix: fixed overly long file type detection in some cases when text subtitle type probing read a lot of data due to there being no carriage returns near the start of the file.

mkvmerge, mkvextract, MKVToolNix GUI: bug fix: several fixes to the handling of country codes. The list has been updated to reflect the currently valid top level domain country codes. Deprecated codes such as "gb" for "Great Britain" are now mapped to their updated values ("uk" for "United Kingdom" in this case). Fixes #1731.

mkvmerge: WavPack4 bug fix: relaxed the stream detection criteria to only require the major version to be 4 and not to check the minor version. Fixes #1720.

2016-07-02 Chao Chen <tochenchao@gmail.com>

mkvmerge, mkvinfo: new feature: added flags to support the Colour elements in the video tracks of Matroska containers. Users can use those flags to specify the colour space, transfer function, chromaticity coordinates etc. These properties are useful for correct colour reproduction of high dynamic range / wide colour gamut videos.

2016-07-02 Moritz Bunkus <moritz@bunkus.org>

configure: fixed the Qt detection with Qt 5.7.0 which now requires the compiler to be in C++11 mode.

build system: libEBML v1.3.4 and libMatroska v1.4.5 are now required due to the usage of new elements introduced in libMatroska v1.4.5. The copies included in the MKVToolNix source code have been updated to those releases as well.

2016-06-28 Moritz Bunkus <moritz@bunkus.org>

mkvmerge: MP4 bug fix wrt. DTS handling: mkvmerge will re-derive parameters such as number of channels and sampling frequency from the DTS bitstream circumventing invalid values in the track headers (e.g. a channel count of 0). Fixes #1727/1728.

MKVToolNix GUI: merge tool enhancement: the default track languages to set can now also be set whenever the language in the source file is ‘undefined’ (‘und’). This is now the default and can be changed back to the old behavior (only set if the source file doesn’t contain a language attribute) in the preferences. Implements #1697.

2016-06-04 Moritz Bunkus <moritz@bunkus.org>

MKVToolNix GUI: merge tool enhancement: menus have been added to both the "start muxing" and the "add to job queue" buttons. The menus let the user override the preferences regarding clearing merge settings after starting to mux and after adding a job to the queue respectively. Implements #1696.

mkvmerge: the warning about not being able to determine whether a raw AAC file contains HE-AAC/AAC+/SBR has been removed. Implements #1701.

MKVToolNix GUI: merge tool bug fix: the GUI now takes into account whether splitting is activated when looking for and warning due to existing destination files. Fixes #1694.

mkvmerge: bug fix: the parser for the –default-duration argument was wrongfully handling arguments of the form "123/456i" (only this specific syntax and only with "i" as the unit; other formats and units were fine). This is part of #1673. Additionally the parser doesn’t use the "double" data type internally anymore fixing loss of precision and failing test cases on certain 32bit platforms. This fixes #1705.